As is known, offerings, such as software and services, can be deployed to customers via a network. Conventionally, a provider, such as a software manufacturer, sends its offerings from the provider's server to its customer's assets (e.g., a customer's computer). The topology resembles a wheel, with the provider's server as the “hub” of the wheel and the customer assets connected via network “spokes” to the hub. Accordingly, this topology is known as the hub and spokes model. The hub and spoke model is focused on delivering offerings where the resources needed to deliver the offerings are centrally located.
However, there are cases in which the hub and spoke model makes it difficult to service customers. For example, the provider may have a partner (e.g., a distributor) who has the primary relationship with the customer. In this case, the partner must coordinate with the provider to deliver offerings from the provider's central hub. This is inefficient for the partner, as well as for the customer who must establish a network connection with the provider.
Further, recent privacy laws have placed a strain on the hub and spoke model. Data collected from customers' environments needs to be not only logged and agreed upon, but the purpose of the collection needs to be controlled and noted. The architecture therefore needs to provide a tighter relationship between data collected from the customer and its analysis and purpose. Customers, such as military organizations, may be sensitive to the recording of such information. As customer information is gathered at the provider in the hub and spoke model, this model has disadvantages to information-sensitive customers. Customers may prefer to maintain control of their own data within their proprietary network and host the provided offerings within their datacenters.
In particular, new privacy related laws, such as the Health Insurance Portability and Accountability Act (the HIPAA Act), the Sarbanes-Oxley Act, and the Patriot Act, has placed significant problems on maintaining the security and privacy of data transferred within a network. For example, under the HIPAA Act, medical facilities cannot transfer patient records to others, including insurance companies, without explicit patient authorization. Conventional secure data storage solutions often are based on the principle of access control to the data collected in a central facility. Other conventional secure data storage solutions have provided discrete data segmentation within a data store or repository. However, these conventional secure data storage solutions do not provide a company with the flexibility to selectively implement privacy control over data to meet the requirements of the current privacy laws, especially when the company's data is being transferred outside of the company's environment or control, for example, to vendors providing related services to the company.
Therefore, a need has long existed for a method and a system that overcome the problems noted above and others previously experienced.